/*
 * Copyright (c) 2001-2007, Inversoft, All Rights Reserved
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 * either express or implied. See the License for the specific
 * language governing permissions and limitations under the License.
 */
package org.inversoft.vertigo.acegi;

import org.acegisecurity.GrantedAuthority;

/**
 * <p>
 * This interface allows Vertigo to use ACEGI without the use of the slightly
 * painful UserDetails interface. Instead, this allows the application to work
 * directly with the user object of its choosing.
 * </p>
 *
 * @author  Brian Pontarelli
 */
public interface VertigoAuthenticationService<T> {
    /**
     * Attempts to load the user from the database. This should not worry about the password at all
     * as that is checked by the {@link org.inversoft.vertigo.acegi.VertigoAuthenticationProvider}.
     * If the user account doesn't exist, this should return null.
     *
     * @param   username The username to look for.
     * @return  The user object or null if it doesn't exist.
     */
    T loadUser(String username);

    /**
     * Retrieves the username for the given User object.
     *
     * @param   user The user object.
     * @return  The username.
     */
    String getUsername(T user);

    /**
     * Retrieves the password for the given User object.
     *
     * @param   user The user object.
     * @return  The password so that it can be verified.
     */
    String getPassword(T user);

    /**
     * Determines if the users account has expired (trial period or something like that).
     *
     * @param   user The user to verify.
     * @return  True if the account is expired, false otherwise.
     */
    boolean isExpired(T user);

    /**
     * Determines if the users account has been locked (by an admin or someone with great power - hehe).
     *
     * @param   user The user to verify.
     * @return  True if the account is locked, false otherwise.
     */
    boolean isLocked(T user);

    /**
     * Determines if the users account has been disabled (by an admin or by the user).
     *
     * @param   user The user to verify.
     * @return  True if the account is disabled, false otherwise.
     */
    boolean isDisabled(T user);

    /**
     * Determines if any of the users credenditals have expired (the password was reset and needs
     * to be changed or the password is old).
     *
     * @param   user The user to verify.
     * @return  True if any credentials have expired, false otherwise.
     */
    boolean areCredentialsExpired(T user);

    /**
     * Returns the granted authorities for the user. This is the one interface we still need to use
     * because it is defined on the ACEGI authentication interface (sucks).
     *
     * @param   user The user to get the granted authorities for.
     * @return  The authorities for the user.
     */
    GrantedAuthority[] getGrantedAuthorities(T user);
}